Ausführen beliebiger Kommandos in Puppet
ID: | FEDORA-2017-b9b66117bb |
Distribution: | Fedora |
Plattformen: | Fedora 26 |
Datum: | Sa, 10. Juni 2017, 11:47 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295 |
Applikationen: | Puppet |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-b9b66117bb 2017-06-09 18:48:36.540434 -------------------------------------------------------------------------------- Name : puppet Product : Fedora 26 Version : 4.6.2 Release : 4.fc26 URL : http://puppetlabs.com Summary : A network tool for managing many disparate systems Description : Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. -------------------------------------------------------------------------------- Update Information: Contains fixes to ensure Puppet can start correctly and a security fix for remote code execution tracked as [CVE-2017-2295](https://bugzilla.redhat.com/show_bug.cgi?id=1452654). * Fix remote code execution in Puppet master during fact uploads - Fedora#1452654 * Fix SSL monkey patches error on startup - Fedora#1440710 , Fedora#1443673 * Fix xmlrpc/client require error on startup - Fedora#1443673 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1452651 - CVE-2017-2295 puppet: Unsafe YAML deserialization https://bugzilla.redhat.com/show_bug.cgi?id=1452651 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade puppet' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org |